[HN Gopher] URL shorteners set ad tracking cookies
___________________________________________________________________
URL shorteners set ad tracking cookies
Author : firloop
Score : 468 points
Date : 2021-01-03 19:05 UTC (1 days ago)
(HTM) web link (ylukem.com)
(TXT) w3m dump (ylukem.com)
| dillondoyle wrote:
| Maybe cookie stuffing for incentive payments? e.g. why those
| coupon sites make a ton of money even though they have zero to do
| with purchase intent (someone searching for a coupon is already
| in their cart about to buy).
| ornornor wrote:
| https://is.gd is the best url shortened I know of. Straight to
| the point, fast, light, no snooping or tracking.
| quyleanh wrote:
| Thank you for sharing. This will be my default url shortener
| from now on. Simple, fast and customizable.
| nnx wrote:
| Does this kind of cookie work anymore at all with browsers who
| use restrictive rules for third party cookies? (like Safari)
| Eriks wrote:
| Not all URL shorteners do that. I know because I own and maintain
| one that doesn't.
| stretchcat wrote:
| Hopefully yours is only available on a company LAN or other
| private network. Public link shorteners are a linkrot disaster,
| particularly the myriad of shorteners being run by random dudes
| for shits and giggles, since those disappear as soon as they
| get bored. There is nothing more frustrating than having a dead
| shortened link for content that is likely still available if
| only you had the real URL, not the shortened garbage. Link
| shorteners are a form of pollution; you may as well pour used
| motor oil down a gutter.
| qwerty456127 wrote:
| There are cases where URL shorteners are useful. E.g. some
| websites would parse a link you embed within a text you post
| and replace it with the actual video if that's a link to
| YouTube. A shortener may be the only way to post a classic
| hyperlink to a YouTube video there. Shortened URLs may also
| help when you need to put them on paper/merchandise or on TV
| or say them in a voice call. That's sad goo.gl has been
| discontinued - it was what you could rely on. IMHO
| archive.org should make their own.
| Eriks wrote:
| No, it's public and has been run for 11 years already and
| will continue to do so in foreseeable future. I would say it
| is the most popular one in my home country and it has good
| reputation among users. From my experience most linkrot
| issues comes from the fact that sites and documents URL
| shorteners link to go down before URL shorteners themselves.
| Many websites from 11 years ago doesn't exist anymore.
| stretchcat wrote:
| Will you die, will your heirs continue to operate this
| service? Or do consequences beyond your life not concern
| you? (e.g. _" Why should I care about climate change, I'll
| be dead before it gets bad!"_)
|
| To mitigate the harm you've already caused, you should put
| the service into a read-only mode and contact Archive Team
| about handing off the database. You should do this today,
| before you get hit by a bus.
| prophesi wrote:
| What harm have they "already caused"?
|
| Is link rot such a damaging phenomenon that it warrants
| attacking hobbyists and their not-for-profit public
| service?
|
| Will you help financially compensate their time setting
| up these fail-safes?
| stretchcat wrote:
| > _What harm have they "already caused"?_
|
| They have already inserted themselves as a middleman by
| shortening URLs, creating an additional point of failure
| which will inevitably break sooner or later.
|
| > _Will you help financially compensate their time
| setting up these fail-safes?_
|
| How about: _Blow it out your ass._ He made the mess, so
| if he has any integrity he 'll foot the bill for cleaning
| it up.
| Eriks wrote:
| It's users choice to use a shortener to shorten their
| long URLs. Calling shorteners middleman is just wrong.
| stretchcat wrote:
| The person who uploads the link is not the only affected
| party. This affects every unrelated person who might ever
| want to follow those links long after the shortener is
| dead and gone.
| Eriks wrote:
| Any link on the internet - shortened or not - can after
| some time die. Domain registration expire, websites get
| shut down. Domain changes ownership and new site goes up.
| Relax. It's just a lifecycle of Internet resources. Let
| us end this conversation. You obviously see things
| differently.
| prophesi wrote:
| > [Unnecessary crude remark]. He made the mess, so if he
| has any integrity he'll foot the bill for cleaning it up.
|
| He [set up a server with a link shortening service pro
| bono, eating the cost of server maintenance for 11
| years], so if he has any integrity he'll [do more free
| work].
|
| I'd argue it's the user's fault if they decide to trust a
| small hobby site to last until the end of time. How many
| link shortening services have you used which promptly
| died, causing you to find this ridiculous hill to die on?
| Eriks wrote:
| Thank you for being concerned for my life. I've set it up
| in a way that someone will take it over after my sudden
| death, don't worry.
|
| And I care about climate change, even after my death.
| dang wrote:
| Please don't post in the flamewar style to HN or cross
| into personal attack. Those things aren't compatible with
| curious conversation, which is what we're going for here.
| We're also trying to avoid the online callout/shaming
| culture [1].
|
| Even if you're right, beating people with a stick will
| neither improve their behavior nor the quality of
| conversation for anybody else. The end state of this is a
| ghost town inhabited by a few nasty diehards, abandoned
| by users one would actually want to have a conversation
| with. That seems to be the default fate of internet
| forums but the goal of this one has always been to stave
| it off a little longer [2].
|
| [1] https://hn.algolia.com/?query=online%20shaming%20by%3
| Adang&s...
|
| [2] https://hn.algolia.com/?query=stave%20by:dang&dateRan
| ge=all&...
| dejj wrote:
| Do you have some form of information escrow in place? E.g.
| could archive.org store a page of all your short-url
| mappings?
| Eriks wrote:
| Not at the moment but Archive.org is an option I'm
| considering.
| start123 wrote:
| TinyURL and a several free alternatives have been known to do it
| for a while now. But, not everybody does this to be clear.
|
| Running a free URL shortener costs time and money which is why
| they do it. For my URL shortening service https://blanq.io, I am
| planning to remove this feature and only support custom domains.
| Free shortening is highly abused by spam and its a daily battle
| to be one step ahead of them.
|
| Last week, a single bad user created a phishing link and brought
| down the entire site for an hour until I was able to restore it.
|
| Lesson learned.
| forrestthewoods wrote:
| I really wish web browsers would strip tracking code bullshit
| from URLs. When I copy/paste a link for friends I always manually
| edit that crap.
|
| On the other hand I do love websites like WireCutter which only
| exists because of referral codes.
| aembleton wrote:
| You can do this with an extension like
| https://gitlab.com/KevinRoebert/ClearUrls
|
| I found that it broke some sites though so I removed it.
| TimLeland wrote:
| Yes wirecutter exist because of affiliate links but they do
| offer detailed reviews. I use/trust them often for purchases
| and amazon affiliates do not cost the user anything extra.
| floatingatoll wrote:
| Are these cookies being caught and blocked/discarded/etc by
| Safari Intelligent Tracking Protection on macOS Big Sur and iOS
| 14?
| eznzt wrote:
| This post is a clear example of why the cookie law is an
| overreach. If you don't want websites setting cookies on your
| browser, why don't you configure your browser not to save
| cookies?
| CarelessExpert wrote:
| Eh, for links to content on my website I just cooked up my own
| URL shortener using Apache rewrite maps and a little scripting to
| generate the short codes. Simple, private, and entirely under my
| control (which also means I don't have to worry about the links
| breaking).
| ourcat wrote:
| I did that for a while with a short domain I used to own
| (urlb.at). Then ended up regretting it and shutting it down.
|
| I eventually decided that URL shorteners were a terrible idea
| for the web and that I wanted the 'actual' URLs out there.
| CarelessExpert wrote:
| > Then ended up regretting it and shutting it down.
|
| Care to elaborate?
| loceng wrote:
| I assume because it creates/introduces an arguably
| unnecessary point of potential future failure.
| duskwuff wrote:
| Also possibly because URL shorteners are frequently
| abused, e.g. to obfuscate links in spam. Operating one
| responsibly is a considerable amount of work.
| musicale wrote:
| Isn't tracking the entire business model of URL shorteners?
| bluedino wrote:
| Another reason I use a publicly curated HOSTS file (search GitHub
| hosts file for examples), even if it is a little annoying that
| those links break.
| rkagerer wrote:
| I'm an avid tinyurl user. Anyone from that site want to explain
| their justification for this before I stop using your service?
|
| What's a good alternative (with the ability to tailor the
| shortened url)? I wouldn't mind paying a couple bucks a year.
| TimLeland wrote:
| Take a look at https://t.ly/ as an alternative to tinyurl. You
| can update the url ending on the $5 a month plan. It's a
| shorter domain with more options available.
| 6510 wrote:
| I use to run into a sci usenet poster who usually provided 10-30
| shortened links with his postings pointing at books, papers and
| previous postings (google groups). Arguing over a topic he one
| time explained he had a clear analytics picture of what
| references other posters did and didn't read, who [silently]
| participated in the discussions, how much people read before and
| after writing a response, etc.
| sfgweilr4f wrote:
| I do this for teaching. But I don't use a public url shortener
| because I trust none of them. I have a shortener built into my
| teaching site.
| baxtr wrote:
| Of course they do? How would erst make money otherwise?
| dejj wrote:
| Consider "commoditizing the complement"
| (https://www.gwern.net/Complement) e.g. a news site making
| their content linkable through social media for ad revenue at
| the actual page.
| zackmorris wrote:
| Wow never heard of that, thanks!
|
| This is one of the thousand reasons that I don't think
| capitalism will be viable beyond 10-20 years from now. The
| endgame will be perfect monopoly - one global player in every
| niche of our daily existence. Slowly force-feeding us a diet
| of whatever is most profitable (whatever service encompasses
| the most dysfunction in exchange for money).
|
| Off the top of my head, a better system might be one that
| seeks to eliminate dysfunction instead of profiting from it.
| Web browsers could provide short links to all websites by
| using a hashing function instead of an encrypted refcount.
| They could remove as many identifying bits as possible (like
| cookies). I like the direction that Apple and others are
| going, preserving less user data and letting less spill
| between unrelated websites.
|
| The question of what all these advertisers will do once
| they're not allowed to track us is a big one. But my guess is
| that targeted advertising is not needed in the first place.
| They did just fine (arguably better) with demographics in the
| centuries before tech revealed our personal browsing
| histories.
| lawnchair_larry wrote:
| > This is one of the thousand reasons that I don't think
| capitalism will be viable beyond 10-20 years from now.
|
| Hmm. You posted this from your phone or computer that was
| created by capitalism, from an OS created by capitalism,
| using a browser created by capitalism, to a message board
| for an organization who literally specializes in
| capitalism. While the original incarnation of the internet
| wasn't created by capitalism, military funding and the
| inherent authoritarianism is probably not the ideal
| direction to return to. Yet you think all of this only has
| 10-20 years left?
|
| Oddly, you express a preference for what Apple are doing
| instead, yet they are the single largest product of
| capitalism or any other economic system that the world has
| ever known, including Saudi Aramco. Capitalism just "cured"
| a pandemic faster than anyone thought possible.
|
| Now, it's not without its issues, but all of the evidence
| seems to suggest that we maybe ought to think twice before
| abandoning it and probably killing hundreds of millions of
| people (again).
| SpocksBrain wrote:
| Ah yes, "you dislike Society yet you contribute to it in
| someway, I am so smart".
|
| The classical Sciences and Arts were all founded and
| developed under "divinely ordained" Monarchies. I suppose
| that would've been a fantastic case for conserving that
| system for you?
|
| Have you thought that maybe all those material
| accomplishments made under capitalism have less to do
| with the system itself and more to do with the fact it's
| the only one around? Pretty sure many of today's tech is
| founded as much on innovation that came out of Soviet
| labs as anybody else's.
|
| Also, incidentally, current day capitalism is at the beck
| and call of one of the last remaining communist
| countries. Just a curiosity.
| lawnchair_larry wrote:
| > "you dislike Society yet you contribute to it in
| someway, I am so smart".
|
| Not even close to what I said. I didn't suggest that he
| contributes anything to society.
|
| > Have you thought that maybe all those material
| accomplishments made under capitalism have less to do
| with the system itself and more to do with the fact it's
| the only one around? Pretty sure many of today's tech is
| founded as much on innovation that came out of Soviet
| labs as anybody else's.
|
| It's (mostly) the only one around because the others all
| failed spectacularly every other time. Not only did
| states collapse, but about 100 million people died. It's
| amazing that you'd use the Soviet union as an example,
| considering where they ended up.
|
| > Also, incidentally, current day capitalism is at the
| beck and call of one of the last remaining communist
| countries. Just a curiosity
|
| China is the least communist of the remaining communist
| countries. And do you happen to know what major change
| allowed their GDP to explode and make them soon-to-be the
| biggest economy in the world?
|
| Even ignoring that, do you really want to live somewhere
| like China? If you think poverty and working conditions
| are bad in the US, just you wait!
|
| Unless you meant one of the other examples, like Cuba,
| North Korea, Vietnam or Laos. I'm guessing not.
| q3k wrote:
| > You posted this from your phone or computer that was
| created by capitalism, from an OS created by capitalism,
| using a browser created by capitalism, to a message board
| for an organization who literally specializes in
| capitalism.
|
| ... that all base on centuries of research, science and
| technological development that happened before capitalism
| was even first proposed. Your point being?
| arsonaut wrote:
| cookie dropping is more common than people realize.
|
| I've created a free service with no ads and completely free that
| also generates qrcodes (https://qrli.to)
|
| The problem with url shortners is usually the abuse they get
| (from affiliate tracking above to MLM or CPL for dating sites).
| However the entry barrier is so low and they are still a relevant
| part of the infrastructure, not surprised bitly and tinyurl are
| monetizing this way.
| polote wrote:
| Don't want to be mean, but just to inform you, guidelines says
| "Please don't delete and repost. Deletion is for things that
| shouldn't have been submitted in the first place." and I know you
| have posted and then deleted the same post yesterday. It is fine
| to repost if you didn't get notice no worries
| firloop wrote:
| Sorry about that, noted.
| pluc wrote:
| Wasn't the primary use of URL shorteners to compress a given URL
| in order to reduce the character count? Given today's Twitter,
| what are they still used for besides visual convenience?
|
| Do youtu.be, t.co, fb.me and dlvr.it next!
| mschuster91 wrote:
| > Given today's Twitter, what are they still used for besides
| visual convenience?
|
| Data analytics - basically you spread out different shortened
| links on your campaigns / media, so you can track effectiveness
| while at the same time the user does not have to manually type
| in cryptic characters.
| pluc wrote:
| Yeah, what I mean is that I don't think URL shorteners do
| anything for users aside from being slightly better to look
| at
| buzer wrote:
| I mainly use them when I need to send a link that needs to be
| manually typed at some point (e.g. asking person to go some
| website during phone call).
| indymike wrote:
| Well, click tracking and click counting come to mind.
| reaperducer wrote:
| My company uses them in its print assets like billboards,
| posters, and transit ads.
|
| I see them all the time in commercial text messages, like from
| things I've subscribed to, or delivery alerts so I can track
| the pizza guy.
| Hnrobert42 wrote:
| Do they use QR codes in addition to the shortened URLs? I've
| always wondered why QR code's haven't caught on more.
| Especially for things where the objective to access
| information more convenient than fat-fingering.
| opan wrote:
| QR codes are everywhere! They're on a lot more foods and
| such than they used to be even 5 years ago. French's
| mustard has one, Barq's Root Beer cans have one. A lot of
| electronics I buy have a card in the box with a QR code to
| get to the company's site.
| aembleton wrote:
| It's a shame the Netflix app on smart TVs doesn't show
| one for login.
|
| Rather than awkwardly typing in my username and password
| through a remote control, I should be able to open the
| Netflix app on my phone and scan the qr code.
| TimLeland wrote:
| T.LY generates QR codes for all short links generated. We
| also have a simple tool for creating QR codes from any URL
| https://t.ly/qr-code-generator
| earthboundkid wrote:
| No, the primary point was always to add UTM trackers to the
| URL. That's why companies kept using them after Twitter
| introduced t.co.
| Thorrez wrote:
| Can't you add the UTM tracker to the URL with shortening the
| URL?
| jabart wrote:
| Text messages still use short links and carriers sometimes
| block by domain for links sent via A2P over their network.
| axegon_ wrote:
| Not particularly surprising. I was building a url shortner some
| 12-13 years ago but eventually abandoned it. But this was exactly
| how I planned to monetize it.
| TheRealDunkirk wrote:
| This headline might be the biggest "duh!" I've ever read on the
| site. In this day, and in this surveillance market economy, you
| must assume that you WILL be tracked wherever you CAN be
| tracked.
| isatty wrote:
| I understand the downvotes, given this is HN, but while this
| is "duh", lots of people don't actively think about it
| whenever they see a shortened link. Posts like this are okay
| now and again to remind people that they can and will be
| tracked wherever possible.
| methyl wrote:
| We use Cloudflare Workers as a very simple URL shortener [1]. It
| has very generous free tier (100k requests per day) so it's more
| than enough for a lot of use cases.
|
| [1] https://lucjan.medium.com/free-url-shortener-with-
| cloudflare...
| donmcronald wrote:
| Cloudflare docs [1] recommend using an 'AAAA' record with the
| value '100::' for the dummy DNS entry.
|
| 1.
| https://developers.cloudflare.com/workers/learning/getting-s...
| methyl wrote:
| Thanks, edited the article.
| TimLeland wrote:
| This is really interesting. I suppose tiny url gets a kicked back
| from their ad network for this. I'm the creator of the URL
| shortener (T.LY) and a Link Unshortener tool. I spend most of my
| development time fighting bad actors. My goal is to have a
| legitimate competitor to bitly that people benefit from. We do
| not set any cookies on redirects but do use cookies for
| authentication for users.
|
| T.LY: https://t.ly/
|
| Link Unshortener: https://linkunshorten.com/
| legulere wrote:
| How is your project protected from being bought off by a bad
| actor?
| cookiengineer wrote:
| > Link Unshortener: https://linkunshorten.com/
|
| Well, Google Analytics and Googlesyndication are known to set
| the infamous PREF cookie (remember Snowden and PRISM?)... so I
| wouldn't recommend that website either if the whole point of
| this discussion is to avoid ad tracking cookies.
| stanislavb wrote:
| Seems nice. I'm curious, how do you make money / stay in
| business? I couldn't find any paid options.
| 1f60c wrote:
| Maybe this has changed since your comment, but I see three
| paid plans on the homepage.
| TimLeland wrote:
| Yes always been there. There are additional plans once you
| register for more short links and teams.
| TimLeland wrote:
| Thank you! The site and extension are free to use to shorten
| links. I do offer the ability to upgrade starting at $5 a
| month which allows custom domains, ability to customize
| links, expire links based on date or clicks, private stats,
| ability to shorten links using the API (https://t.ly/docs/).
|
| I also recently release a new feature called OneLinks that
| are great for social media bios. Here is an example on a
| OneLink: https://t.ly/TimLeland
|
| Extension Link: https://t.ly/extension
| hedora wrote:
| Hmmm. My browser complained that you're running three
| trackers on that site (google, cloudflare and digital
| ocean).
| detaro wrote:
| Are you seriously equating "has an image hosted on
| digitalocean" (which probably hosts the entire site) with
| "tracking"?
| TimLeland wrote:
| Yes cloudflare for speed and protection. Digitalocean for
| file storage. I may remove google analytics.
| wolco2 wrote:
| Using cloudflaire doesn't give me confidence this will in
| anyway not track me.
| RussianCow wrote:
| Presumably, that's a tradeoff the OP is willing to make.
| bewuethr wrote:
| Just a heads-up, "OneLink" is trademarked by AppsFlyer:
| https://support.appsflyer.com/hc/en-
| us/articles/115005248543...
| samb1729 wrote:
| It is a shame that T.LY displays only the footer without
| JavaScript enabled instead of degrading gracefully. Surely a
| plain HTML form that POSTs should suffice?
|
| I'm not sure how much work it would require for you to support
| this, but it would help cement your place as a good web actor
| if you're so inclined!
| TimLeland wrote:
| Sorry about that. I honestly didn't think anyone browsed the
| web without javascript enabled. How common is that? We do
| offer a simple to use api that you could build on top of to
| shorten link. Also an extension that offers the ability to
| shorten a url in one click.
|
| API Docs: https://t.ly/docs/
|
| Extension: https://t.ly/extension
| cosmie wrote:
| You can actually sanity check how common it is for T.ly by
| triggering an analytics hit within a <noscript> tag. Looks
| like you're using GTM/GA on your site, so this[1] should
| put you on the right track.
|
| You'll still be blind to individuals that are blocking
| GTM/GA itself since you're not using the newer server-side
| GTM option, hence only a sanity check. But it's a fairly
| low-effort tweak to be able to get a read on how common it
| is for your site specifically.
|
| [1] https://www.simoahava.com/analytics/track-non-
| javascript-vis...
| usr1106 wrote:
| > I honestly didn't think anyone browsed the web without
| javascript enabled.
|
| Not very common in the general population. But there are
| those (mostly software developers) who prefer to be in
| control what code they run on their computers. I know one
| person who does most browsing using lynx. That is certainly
| extreme, but extensions like NoScript and uMatrix (has gone
| out of maintenance recently) certainly have their user
| base.
| danielskogly wrote:
| I realize you're not using React for t.ly, but the method I
| outline in this[0] blog post could perhaps be made to work
| for you if you at any point would like to accommodate users
| without JS enabled. Yours is the kind of site that this
| method is best suited for - a relatively simple UI with
| basic I/O.
|
| The biggest hurdle I've encountered so far, is that Stripe
| doesn't offer a fully nojs alternative to enable users to
| make payments, although this would be incredibly easy for
| them to do, considering that they already offer a hosted
| checkout[1]. The only thing missing here is a way to get
| the checkout URL itself from the server side, when the
| Checkout-session is generated.
|
| [0] https://blog.klungo.no/2020/05/28/using-react-and-
| redux-to-a...
|
| [1] https://stripe.com/en-no/payments/checkout
| Baeocystin wrote:
| >I honestly didn't think anyone browsed the web without
| javascript enabled. How common is that?
|
| Not the person you asked, but speaking for myself, all the
| time. I have a javascript toggle I use several times a day,
| and leave it set to off as much as I can.
| TimLeland wrote:
| Interesting..How many sites work without javascript these
| days? Does google?
| Baeocystin wrote:
| More than you'd think, not as many as I'd hope. Easily
| 2/3rds of the ones I visit work, FWIW.
|
| Google works fine without javascript. Stunningly fast.
| sundarurfriend wrote:
| > Easily 2/3rds of the ones I visit work, FWIW.
|
| I started blocking JS a few weeks ago, and this has been
| my experience as well - a pleasant surprise.
|
| For a long time I thought that would be a step too far,
| that browsing would become so annoying and unpredictable
| because of it. Any annoyance from having to turn on JS
| for individual sites is easily outweighed by the number
| of annoyances I avoid - news websites are actually
| readable, blogs open with their content rather than with
| an in-your-face pop-up, and as a bonus, I pay attention
| to things like: how many 3rd party domains is it trying
| to connect to? does it require 3rd party JS to be enabled
| to function at all? did they even consider the
| possibility of disabled JS and bother to write a noscript
| message? Things like this translate to a measure of
| trustworthiness to me now, and I've been both horrified
| (by simple blogs trying to connect to 80+ domains) and
| pleasantly surprised (by complex-seeming websites that
| don't use 3rd party JS at all).
| Moru wrote:
| It's funny when the blocker says 99+ scripts blocked on a
| news site because it can't display more than two digits.
| Or when you end up with a black page because they didn't
| bother with a no-script version.
| oauea wrote:
| > Google works fine without javascript. Stunningly fast.
|
| Until they block you for "suspicious behavior" after a
| few minutes of using it like that.
| Baeocystin wrote:
| Genuine question- has that happened to you?
| oauea wrote:
| Yes! It also happens when I am not logged in, or use a
| VPN (though that is understandable).
|
| But simply disabling javascript and clicking next a few
| times is usually enough to set off their blockages. Even
| when not using a VPN. It happens less if you only ever
| look at the first page.
| Baeocystin wrote:
| Interesting! Thanks for responding. I haven't had that
| happen to me yet, but I'm often using the same static IP
| I've had for years. Perhaps that keeps the trigger at
| bay.
| wolco2 wrote:
| It makes sense the fingerprint you create with javascript
| can identify you easily. Without that google treats you
| as suspect.
| nabeelms wrote:
| DDG has a No Javascript based search.
| agreeablebut wrote:
| Plenty, and you get used to either toggling or enable the
| specific scripts that need to run.
| Icathian wrote:
| Would you mind offering a bit more detail about the
| "toggle"? Which browser, what's the name of the
| extension, etc. I would love something like that but
| don't really want to go through the effort of setting up
| a whitelist right now.
| Baeocystin wrote:
| Sure thing, I'll edit this reply with the extension in
| question when I get home. Won't be very long.
|
| [edit] The extension is called Quick Javascript Switcher.
| https://chrome.google.com/webstore/detail/quick-
| javascript-s...
|
| It works as advertised for being a Javascript toggle.
| jmholla wrote:
| Not the person you asked, but, NoScript is a choice.
| uBlock Origin as well with the right settings. Should be
| on Chrome or Firefox. On mobile, only the latter I think.
| Kiwi too?
| IG_Semmelweiss wrote:
| with noscript, I blocked everything and then when sites
| broke, I very much enjoyed figuring out what element was
| the culprit. I became very good at remembering what
| elements rescued what urls.
|
| When i switched to Ublock origin, i didn't even realize
| how to do this. I just allowed all JS whenever i found
| broken sites.
|
| Now, this very thread encouraged me to finally figure out
| Ublock origin settings, and now, finally enable specific
| JS elements instead of a blanket "allow".
|
| Here is a gret userguide for Ublock origin toggle.
|
| https://www.maketecheasier.com/ultimate-ublock-origin-
| superu...
| eikenberry wrote:
| I use u-block origin on "medium" mode where you have it
| block 3rd party javascript by default and it behaves the
| same. Unblocking the cloudflare originating javascript
| fixes it. I'd guess my setup is more common than having
| javascript disabled entirely. Not a complaint, just another
| data point.
| esperent wrote:
| Is there some reason you want to block cloudflare JS? If
| not, wouldn't it be easier to add an exception to uBlock
| rather than try to get devs to change their site for you?
| Triv888 wrote:
| Why would it be easier for all users to add an exception
| instead of one site owner to make one change?
| eikenberry wrote:
| No reason, I always just add a cloudflare exception and
| will probably look into making it a global exception as
| it is pretty common. I was chiming in to help the site
| dev understand the issue.. giving another data point.
| Thorrez wrote:
| There are some people who have JS disabled by default.
| See the NoScript extension. So the dev wouldn't just be
| changing it for eikenberry, but for all such people.
| alias_neo wrote:
| The extension is blocking 3rd party JS. Nothing against
| Cloudflare specifically.
|
| There are various reasons to block 3rd party JS;
| security, privacy etc; CDNs and remote-linking of
| Javascript and other such content is counter productive
| to those endeavours.
|
| A good-citizen should aim to self-host anything as
| important as executable code _where possible_. The
| reasons, I hope, are obvious.
| TimLeland wrote:
| Yes I do have the site behind cloudflare but could remove
| the javascript rocket loader feature. I will look into
| this. Thanks for sharing!
| zeveb wrote:
| > I honestly didn't think anyone browsed the web without
| javascript enabled.
|
| I know a bunch of folks have replied, but I'm another one.
| I remember back before JavaScript; I remember when _Flash_
| was the bane of those who cared about privacy or security;
| I remember when 'DHTML' was the buzzword of the day.
|
| I actually have a lot more appreciation for what JavaScript
| enables now than I used to. It really is neat that we have
| this platform-independent mostly-not-completely-insecure
| app runtime. Pity that it is built atop what should have
| been a hypertext system, though.
| eadmund wrote:
| > I honestly didn't think anyone browsed the web without
| javascript enabled. How common is that?
|
| I don't know how common it is, but I do. I have a secondary
| browser profile which does allow it, but frankly for just
| about any page I visit if it doesn't work without
| JavaScript I will skip it: the Internet is large and I
| rarely _need_ to look at a page.
| CarVac wrote:
| At work I'm not allowed to have any extensions so I just
| turn Javascript off in lieu of ublock origin.
| [deleted]
| rauhl wrote:
| > I honestly didn't think anyone browsed the web without
| javascript enabled.
|
| I certainly do! I am _sure_ that I am very unusual, but to
| this day I very much prefer not to grant execute
| permissions to ever page I read. JavaScript is a huge
| security /privacy/performance hole, and is simply not
| needed for displaying lines of text and images, nor for
| accepting forms data.
|
| It has some pros, too, but on the whole I really miss the
| mid-2000s Web and am not fond of all the web applications
| out there.
| phreack wrote:
| I wouldn't say it's common, but this is the one forum where
| a considerable amount of people disable JS when browsing
| (and likely only whitelist few if any sites). It's always a
| good thing to support nonetheless, so please go for it!
| samb1729 wrote:
| I browse with NoScript blocking JavaScript by default as
| too many web developers (or their managers) have violated
| my trust to not do Dodgy Stuff over the years.
| Unfortunately I don't believe there will ever exist
| accurate numbers of the true portion of people who browse a
| subset of the web with JavaScript disabled, at least
| partially because many of those same folks will prevent the
| means used to collect the data in the first place.
|
| It's no place for me to dictate how you do your
| development, so I won't do that. It is however my personal
| opinion that websites should depend on HTML and CSS, and
| progressively enhance functionality with sprinkles of
| JavaScript. The vast majority of websites are not
| interactive applications, and I think modern web
| development practices could do with something of a hard
| reset.
|
| I'll leave it as an exercise for the reader to decide how
| things ended up where they are now and whether it's a good
| thing for them. Personally I think it's comical and
| horrifying just how much compilation goes on in projects
| written in that particular interpreted language these days!
| ficklepickle wrote:
| Do you run native phone apps? Because they are 10000x
| worse. 75mb to display a website and 20
| tracking/retargeting libs.
|
| Apps are killing the open web anyway. People being born
| now will grow up without knowing what the web is.
|
| I agree about the state of the web tho. I'm a web dev and
| I often browse with JS disabled and always with
| adblocking and pihole.
| sneak wrote:
| Javascript JIT is a massive attack surface, and is disabled
| by many on higher-assurance machines.
| Moru wrote:
| I also run script blocking on everything. And I block the
| domains for all url shorteners in my DNS so I don't
| accidentally go to some weird site. I also evangelize this
| to all my customers and some actually want me to install it
| on their computers too. Sadly there is so many pages that
| breaks down without allowing a lot of external scripts but
| it has to be something really important for me to bother
| with unblocking something.
| daniellarusso wrote:
| Can you instead use the meta refresh tag?
| cphoover wrote:
| Why use meta refresh tag over a http redirect:
| https://t.ly/home
| samb1729 wrote:
| Thorrez is correct in their interpretation of my comment,
| so I have nothing to add there.
|
| However given your username I'd like to let you know Cobra
| Kai season 3 recently released and is as silly as ever, in
| case you haven't already watched!
| TimLeland wrote:
| Try curl https://t.ly/c55j
|
| The response is:
|
| <meta http-equiv="refresh"
| content="0;url='https://weatherextension.com/'" />
| Thorrez wrote:
| samb1729 isn't talking about viewing shortened URLs. That
| works fine with javascript disabled. samb1729 is talking
| about viewing the the homepage of t.ly and creating
| shortened URLs.
|
| Side note, I think a 301/302/303/307/308 redirect is better
| than meta refresh (t.ly happens to use a 301 redirect +
| meta refresh).
| TimLeland wrote:
| Yes T.LY uses a 301 redirect which is better for SEO for
| the long url domain.
| codefined wrote:
| I currently host https://femto.pw/ - A URL shortener I've kept up
| for ~4 years and intend to indefinitely. It doesn't do anything
| with regards to tracking cookies or other dark patterns. It just
| redirects you using a 302 redirect.
| Merman_Mike wrote:
| FYI that your site is blocked by this list:
| https://gitlab.com/The_Quantum_Alpha/the-quantum-ad-list
|
| HN post for that list here:
| https://news.ycombinator.com/item?id=25512273
| codefined wrote:
| Hm, well I've got to work out how to get off that list!
| Thanks for giving me the heads up.
|
| EDIT: I'm not sure quite how to deal with being put on ad
| lists. Sure, people can upload any file to our host so it's
| plausible that someone, at some point, has uploaded an
| advert. Someone could also redirect to an advert domain and
| we'd have no way to really deal with that unless it was
| reported. Ideas are welcome for solutions.
| Moru wrote:
| For me the problem is that you hide URL's that I can click
| on and have no idea where I end up. So I block all url-
| shorteners as a principle on my pi-hole.
| Hnrobert42 wrote:
| Just some thoughts:
|
| 1. Reach out to the list maintainer to see why your site
| was added.
|
| 2. Create a blocklist comprised of those ad lists. Don't
| redirect to sites on the blocklist.
|
| 3. (Of dubious practical value) Create a Terms of Service
| that says users may not use your to link to advertisements.
| Merman_Mike wrote:
| +1 to the second suggestion as a low-effort way to make
| some headway in staying off blocklists.
|
| A place to start might be this large, very popular list
| that combines a bunch of other lists: https://oisd.nl/
|
| Actual text file is here (large file warning):
| https://hosts.oisd.nl/
|
| Just prevent your service from shortening links to any of
| those domains.
| rndomsrmn wrote:
| You might want to consider checking for hosts listed in
| https://github.com/notracking/hosts-blocklists
|
| This is an excellent merged blocklist, with public
| whitelist (oisd is fully closed, no insight in what is
| whitelisted and why, also causing more false positives..)
| sjhgvr wrote:
| No longer the case: https://oisd.nl/excludes.php
| TylerE wrote:
| > 3. (Of dubious practical value) Create a Terms of
| Service that says users may not use your to link to
| advertisements.
|
| That seems entirely unenforceable. Aren't ALL websites
| ultimately advertisements?
| recursive wrote:
| > Aren't ALL websites ultimately advertisements?
|
| No. Some are just information, art, or what-have-you.
| Here's one I just found now.
|
| https://aaron.axvigs.com/
| TylerE wrote:
| That could still be considered an advertisement of his
| existence and writing skills.
|
| If the goal is _purely_ informational, why is the author
| 's name attached?
|
| The site also _advertises_ the CMS it runs on.
|
| That's my point, by a reasonable standard, ANY site that
| exists is an advertisement for something or other, thus a
| rule saying "no linking to advertisements" is worse than
| useless.
| kortilla wrote:
| This must be the mindset it takes to work in the ad tech
| industry.
|
| Ads are sort of like porn. There are lots of things you
| certainly know serve no other purpose than to advertise
| something and you can block them outright. Native
| advertising is certainly difficult though.
| TylerE wrote:
| Do not work, nor I have I ever worked, in ad tech.
| recursive wrote:
| I guess you have a different understanding of what
| "advertising" is than the general understanding.
| TylerE wrote:
| advertising or ad*ver*tiz*ing [ ad-ver-tahy-zing ] - noun
| - the act or practice of calling public attention to
| one's product, service, need, etc.
| recursive wrote:
| I believe it's possible for a website to exist without
| calling attention to anything.
|
| Or perhaps you believe the mere existence of information
| is a call for attention.
| obventio56 wrote:
| Doesn't all content exist to receive attention?
|
| I think there would be exceptions, like test sites,
| personal experiments etc. that could make it on to the
| internet without seeking attention, but any content
| designed for consumption is attention-seeking.
| recursive wrote:
| > Doesn't all content exist to receive attention?
|
| Maybe. Attention can also be granted without it have been
| called there. There are also websites not designed for
| consumption.
|
| If every website is advertising, then surely most of
| human discourse and activity would also be considered
| advertising. What's even the purpose of the word?
|
| You're not going to convince me that everything is an ad,
| and I probably won't convince you either. I'm not
| interested in playing any further semantic word games.
| I'll read any replies you make if you choose to, but I
| have nothing more to offer in this thread.
| obventio56 wrote:
| I agree that not everything is an ad. I think the parent
| comment is fairly trite.
|
| I do believe all content made for consumption (even
| purely informational content) is attention-seeking.
| [deleted]
| miked85 wrote:
| That list is questionable at best.
|
| There are many claims the list author makes without any
| source code at all, though a lot of buzzwords. The reddit
| r/pihole moderator pulled the post: https://www.reddit.com/r/
| pihole/comments/kh5dit/the_quantum_... . The thread was more
| entertaining before the list author deleted every downvoted
| comment they made.
| Jap2-0 wrote:
| [0] is perhaps even more concerning - apparently it bears a
| striking resemblance to Steven Black's (slightly more
| reputable) list[1] [edit: plus a few hundred thousand other
| rules of questionable sourcing].
|
| [0] https://gitlab.com/The_Quantum_Alpha/the-quantum-ad-
| list/-/i...
|
| https://github.com/StevenBlack/hosts/issues/1487
|
| [1] https://github.com/StevenBlack/hosts
| Merman_Mike wrote:
| I agree that it's questionable. I commented the same in the
| thread I linked:
| https://news.ycombinator.com/item?id=25513161
|
| However, at least for Pi-Hole users, more is _usually_
| better, so I added the list to my Pi-Hole.
| phire wrote:
| _> > We were testing an AI that could show some basic
| emotions about internet content, and turns out it was
| very precise at getting "annoyed" by ads and
| "unsolicited" third party connections..._
|
| Holy shit that's such bullshit.
|
| They are basically claiming they invented a artificial
| general intelligence, with feelings, that happens to feel
| the same way about ads as us. It's basically sentient
| instead of publishing research papers, they turned it
| into an ad blocker.
| srtjstjsj wrote:
| It's just colorful language for the fact that ads and
| spyware score high on their model for bad websites.
| phire wrote:
| First: Marketing bullshit is still bullshit.
|
| Even if it's not morally wrong, it makes you look like an
| idiot who doesn't understand the technology you are
| selling. In the worst case it might even be used as
| evidence that your work is a fraud.
|
| There is no benefit; To the lay person, It would sound
| just as impressive to say "We trained a machine learning
| model to detect ads and spyware" and that wouldn't
| immediately set off alarm bells with people familiar with
| the current state of machine learning.
|
| Second: Talking about fraud, the evidence linked above is
| pretty strong.
|
| Their alleged AI is somehow detecting test domains that
| authors of other lists as "ads or spyware". Test domains
| that aren't linked anywhere on the internet.
|
| In one "smoking gun" example, the test domain doesn't
| even have a DNS entry. The alleged AI can't even load the
| domain to scan it.
| llacb47 wrote:
| No, more is not usually better. Especially with a garbage
| ""AI-generated"" (not) list with untrustworthy
| maintainers like this one. It's better to add a low
| number of lists with trusted maintainers, who actively
| curate their lists and respond to false positives. That
| means no "mega-list" abominations like oisd.nl.
|
| I suggest: https://www.github.developerdan.com/hosts/
|
| https://gitlab.com/curben/urlhaus-
| filter/raw/master/urlhaus-...
|
| https://raw.githubusercontent.com/notracking/hosts-
| blocklist...
|
| https://raw.githubusercontent.com/anudeepND/blacklist/mas
| ter...
| Merman_Mike wrote:
| Can you explain why more is not usually better?
|
| I added the 4 lists you recommended to my Pi-Hole, which
| added a net new 73,253 domains to my Pi-Hole. My total is
| now close to 2M.
| PixyMisa wrote:
| You could just blacklist *.com and be done with it.
| freebuju wrote:
| You joke but I would be most happy if all my web needs
| could be served on .onion addresses
| q3k wrote:
| What happens to it when you die? Do you have a contingency plan
| to export this data somewhere for archival purposes?
| codefined wrote:
| I've worked with the Internet Archive to ensure continuity if
| I get hit by a bus or anything. A list of all items that have
| been uploaded to the site will be provided to them if
| anything happens to me.
| tsjq wrote:
| Pls pardon my ignorance.
|
| Is this not addressed by blocking all 3rd party cookies at the
| Browser ?
| tomaszs wrote:
| I am not surprised. URL shorteners will try to monetize
| eventually. One way is to support ad networks, other is to show
| ads and videos before navigating to the target URL. I am 100%
| sure TOS allow it since the beginning.
|
| As far it seems to be a grim future, it is almost only way they
| can monetize. Otherwise they will close their businesses
| rendering millions of URLs broken, what I think is the future
| that is too easy to predict.
| donmcronald wrote:
| > As far it seems to be a grim future, it is almost only way
| they can monetize.
|
| Bitly charges $30/month (basic) which seems like an outrageous
| amount of money to me for what it does. How much more
| monetization do they need?
| bobdosherman wrote:
| Could also cross-subsidize by being a sub-affiliate network as
| part of an affiliate network. Company earns percentage of
| affiliate commissions produced by in-network links, which
| subsidize the non-commissionable out-of-network links (and non-
| earning in-network links).
| okprod wrote:
| Is yourls.org an alternative? Requires some work though
| [deleted]
| npunt wrote:
| _Everything_ that sits between you and your destination is a
| middleman tracking you, unless proven otherwise.
| HenryKissinger wrote:
| (Astronaut looking at planet Earth) "Wait, it's all trackers?"
| castratikron wrote:
| (Stallman) "Always has been"
| m00x wrote:
| The title should be "TinyURL sets ad tracking cookies" as this is
| the only one proven to do in this article.
|
| There are tons of URL shorteners, and not all of them do this.
| firloop wrote:
| bit.ly and t.co both do, and they're hugely popular. I just
| left the HTTP responses out of the post for brevity. From the
| post:
|
| >While neither redirect you to an advertising company like
| TinyURL, Twitter's primary business model is advertising, and
| bit.ly's privacy policy says they share data with third parties
| to "...provide advertising products and services..."
|
| Both services set long-lived tracking cookies:
| curl -v 'http://bit.ly/aFzVh0' ... < Location:
| http://nymag.com/daily/entertainment/2010/08/hear_katy_perrys_m
| ilk_milk_lem.html < Set-Cookie:
| _bit=l03lLp-b899a3350a02095760-00P; Domain=bit.ly; Expires=Fri,
| 02 Jul 2021 21:47:25 GMT curl -v
| 'https://t.co/45cMiYOHQ8' ... < location:
| https://luke.cat/ < set-cookie:
| muc=6d0d0800-f738-4704-b292-f03b6e5a5f91; Max-Age=63072000;
| Expires=Tue, 03 Jan 2023 21:49:09 GMT; Domain=t.co; Secure;
| SameSite=None
| jrochkind1 wrote:
| They could of course be sharing the click "back channel" with the
| ad network without any visible redirect at all, and still
| capturing just as much data. I guess it couldn't actually set a
| cookie with the viglink.com domain though.
|
| Is that important enough to risk being "found out", or do they
| just not care that much about being found out, so went with the
| somewhat technically easier to implement but visible to end-user
| option?
| wolco2 wrote:
| Not my personal url shortener.
| calmchaos wrote:
| Use Cookiebro webextension to get rid of such tracking cookies
| automatically. Problem solved.
|
| https://nodetics.com/cookiebro
| l1am0 wrote:
| For exactly this problem I did build https://unshort.link
|
| It is a service that unshortens the url and removes (if possible)
| the tracking parameters.
|
| It is GPL3, allows Easy Self Hosting and has an automatic browser
| plug-in
| appleflaxen wrote:
| His GDPR letter is quite well written, too
|
| https://ylukem.com/files/_viglink-gdpr-email.png
| 1f60c wrote:
| I think they used this template:
| https://www.datarequests.org/blog/sample-letter-gdpr-access-...
| davchana wrote:
| I had been using a personal URL shortener on & off since 2009.
| Bit.ly custom domain, goo.gl, yourls on a php server, bit.do, &
| many others. Even a static site Jekyll powered one at
| https://gitlab.com/davch/static-redirect
|
| I could not use YOURLS because its too much maintenance
| demanding, like any other php script. Server vulnerabilities,
| versions, errors. Bitly custom domain because you can't customize
| the word after slash. Its still going to be random. Bit.do was/is
| fun, & good.
|
| Then I got introduced to Firebase, at that time recently acquired
| by Google. Dynamic Links, with myWord.page.link subdomain. I got
| few, 5 max subdomains were allowed initially. I made two
| projects, & total have 8 subdomains with page.link ending. Now
| they even allow custom domains, & it is even default option. I am
| using that not from about 2-3 years.
| cccspr wrote:
| I noticed that share buttons like sharethis and addthis do it
| also. I bet if you look deep into their privacy policy (which no
| one does) it'll vaguely mention their data acquisition and
| "monetization" usage.
| freebuju wrote:
| The worst kind. These ones will outright share (and profit
| from) your social profile data to advertisers.
| rsync wrote:
| Although "Oh By"[1] is not strictly a URL shortener it can be
| used as one quite nicely.
|
| When used as a URL shortener, there are no cookies, no tracking,
| and ublock origin shows a nice big zero throughout. This is
| because the revenue model of Oh By is selling custom/vanity codes
| - not monetizing user data or advertising.
|
| "If you're looking for a dead-simple URL shortener that respects
| your privacy and doesn't slow you down with ads or multi-megabyte
| interstitial pages, Oh By might be for you."[2]
|
| [1] https://0x.co
|
| [2] https://0x.co/faq.html
| [deleted]
| bobkrusty wrote:
| . You have to type http:// on the message field To make a
| redirect
| rsync wrote:
| Yes, correct.
|
| The typical use case is a human message, not a URL. If you
| want a redirect you need to explicitly prefix it like that...
| madars wrote:
| Wow! https://preview.tinyurl.com/examplezoom really shows
| https://zoom.us/j/123456789 link whereas Chrome network inspector
| confirms the viglink.com redirect. uBlock origin blocks the
| latter via Dan Pollock's hosts file and Peter Lowe's Ad and
| tracking server list.
| fireattack wrote:
| Tried in a new profile and didn't see any viglink.com.
|
| Edit: the link should be https://tinyurl.com/examplezoom (which
| does have viglink.com).
|
| For some reason you wrote the preview link,
| https://preview.tinyurl.com/examplezoom, which does _not_ have
| the tracker.
| 1f60c wrote:
| I think that's their point: preview.tinyurl.com is lying to
| you.
| fireattack wrote:
| Ah, I misunderstood.
|
| TBF I think they have direct link on preview page simply
| because they don't want to track the traffic from these
| pages (instead of trying to disguise), but the practice is
| still bad.
| 1vuio0pswjnm7 wrote:
| As someone who uses a whitelist approach, I am curious whether
| people ever experience false positives or missing entries with
| these lists? I have little experince with those lists except
| for going through one of them once and being shocked at what
| was in there.
|
| The setup I use is customised for me, i.e., Rube Goldberg would
| be proud. I can view and manipulate all traffic from outside
| the application and outside the origin computer. I can strip
| cookies based on IP, domain or URL very easily. I also control
| DNS so only domains I approve would even return an IP address.
| blackbear_ wrote:
| That sounds so cool, I'd love to know more about your setup!
| samb1729 wrote:
| What is the user interface for your setup like? It sounds
| attractive but possibly prohibitively frictious to be
| workable for me.
|
| I currently use a combination of uBlock Origin blacklisting,
| NoScript whitelisting, and Little Snitch alerting, if you
| need a baseline to compare. I've also run a Pihole instance
| in the past to loop my phone in, but that's not running as of
| today.
| 1vuio0pswjnm7 wrote:
| No GUI.
|
| I think what I have created is something like a cross
| between Pi-Hole, Burp and something yet to be named. But
| it's faster, more flexible, uses different software and is
| Java-free.
| samb1729 wrote:
| Sorry if I was unclear, I wasn't asking about a GUI. I
| mean how do you interface with it as the user? I assume
| it isn't just something you launch and forget about given
| your description.
| [deleted]
| wodenokoto wrote:
| There are many false positives or grey negatives when using
| those filters.
|
| But it mostly happen during these kinds of redirects where
| one or more actors wants to be in the redirect loop. This
| could be URL shorteners or price comparison websites.
|
| uBlock asks if you want a one time exception when a redirect
| leads you to a blocked url.
| everdrive wrote:
| Why do url shorteners even exist? They literally add no benefit
| whatsoever.
| Can_Not wrote:
| Malicious links can have warning pages instead of redirects,
| malicious url shorteners can change URLs after they were
| promoted.
| aembleton wrote:
| Simpler qr codes that can be read by your phone at a greater
| distance or with more error correction.
|
| Text messages where going over a character limit adds to the
| cost
| mattwad wrote:
| not everything supports HTML, like calendar invites and SMS
| messages, and some of these things have character limits.
| freebuju wrote:
| For ex. I can literally type the short url in a browser when
| using a different device. It's convenient uses cannot be
| understated.
| lilyball wrote:
| Isn't this kind of redirection to set a cookie something
| explicitly blocked by Safari's Block Cross-Site Tracking feature?
| And I believe Firefox introduced a similar feature as well (not
| sure about Chrome). I feel like this kind of redirect thing was
| explicitly called out in the blog post announcing the very first
| version of this feature.
| hooande wrote:
| If I recall correctly, Viglink does affiliate marketing.
| Essentially they are setting an affiliate cookie to make money
| from anything you purchase on Amazon, Walmart.com, Ebay, etc.
| This cookie will override any other that was already set. So if
| you clicked a link to a book from a blog post and then clicked on
| a tinyurl, they would get the affiliate referral money and not
| the blog.
|
| It's an easy way to make money because it doesn't involve a long
| sales process with major advertisers. Viglink does all that.
| tinyurl, bitly, et al are probably making a fair amount given
| their reach
| dannyw wrote:
| Basically:
|
| 1. TinyURL does not give Zoom any more customers than they
| would have had otherwise.
|
| 2. Zoom pays VigLinks and TinyURL.
|
| 3. An incompetent, or unethical performance marketer gets to
| claim to their boss they are driving X upgrades for $Y when in
| reality they are driving 0 incremental upgrades for $Y.
| ForHackernews wrote:
| How is this news in 2021?
|
| I remember going to talks by tech people at link-shortener
| companies (bit.ly, IIRC) in like 2012 where they were talking
| about all the fancy analytics and tracking they offered and why
| it was so great that you should route all your links through them
| to get more "insight" into visitors.
| sanmak wrote:
| I think these guys do this to pay for their servers, infra and
| salaries if any. One of the business model.
|
| I think we have ton of url shortener available in the market.
| Difficult to point one which is 100% safe and secure.
| vitus wrote:
| Tinyurl actually has a preview feature, which you can enable by
| default.
|
| https://preview.tinyurl.com/examplezoom
|
| Curiously, this specific tracking behavior (both the redirect and
| the cookie) goes away when turning on previews.
|
| (Incidentally, my uBlock origin filters block the VigLink
| redirect as a tracker, by default, as a sibling commenter points
| out.)
| reilly3000 wrote:
| I honestly thought that was common knowledge. Like why else would
| you use a URL shortener, since Twitter started doing it on their
| own?
|
| I can do more to help web users understand trackers... perhaps I
| will work on that this year.
|
| I've worked in and around the space for too long to see outside
| of my bubble.
___________________________________________________________________
(page generated 2021-01-04 23:01 UTC)